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Reasons for Allowance 

1. Status of Claims: Claims 2-4, 6, 9, 1 1, 14-15, 26-33 remain. The Applicant has cancelled 
claims 1, 5, 7-8, 10, 12-13, 16-25. In the previous office action dated 7/29/05, the Examiner 
indicated the allowability of Independent claims 3 and 6. The reasons claims 2-4, 6, 9, 11, 14- 
15, 26-33 are allowable are listed below: 

2. In the prior art of security, prior art fails to disclose or suggest, "completing a 
vulnerability assessment of the workstation to identity security vulnerabilities that would 
compromise the secure operation of the workstation", "generating workstation security 
credentials based on the vulnerability assessment, the workstation security credentials including 
integrity information describing whether the workstation has been compromised", and "security 
posture information describing the workstation's potential for compromise", an example of prior 
art that fails to disclose or suggest, "completing a vulnerability assessment of the workstation to 
identity security vulnerabilities that would compromise the secure operation of the workstation", 
"generating workstation security credentials based on the vulnerability assessment, the 
workstation security credentials including integrity information describing whether the 
workstation has been compromised", and "security posture information describing the 
workstation's potential for compromise", is Perlman. Perlman discloses a security system for 
restricting user access privileges through an untrusted terminal connected to a network. The 
untrusted terminal includes a credential server. Perlman discloses that the credential server is 
capable of generating credentials to permit a user to perform privilege operations. The Perlman 
reference discloses that a terminal can prove that it is trusted by demonstrating the knowledge of 
a secret or private key whose public key has been certified as belonging to a trusted workstation, 
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thus if the terminal cannot prove that it is trusted it is untrusted. In contrast to the claim 
limitations, Perlman does not disclose or suggest performing a vulnerability assessment, and 
there is not discussion or suggestion of a scan that finds evidence of a compromise or potential 
for compromise. 

3. In the prior art of security, prior art fails to disclose or suggest, "completing a 
vulnerability assessment of the workstation to identity security vulnerabilities that would 
compromise the secure operation of the workstation", "generating workstation security 
credentials based on the vulnerability assessment, the workstation security credentials including 
integrity information describing whether the workstation has been compromised", and "security 
posture information describing the workstation's potential for compromise", an example of prior 
art that fails to disclose or suggest, "completing a vulnerability assessment of the workstation to 
identity security vulnerabilities that would compromise the secure operation of the workstation", 
"generating workstation security credentials based on the vulnerability assessment, the 
workstation security credentials including integrity information describing whether the 
workstation has been compromised", and "security posture information describing the 
workstation's potential for compromise", an example of prior art in security is Dinh. Dinh 
discloses controlling computer system for performing remote system administration upon a 
stand-alone computer system. Dinh discloses after establishing a connection with the stand alone 
computer system, a preexisting diagnostic application on the stand alone computer system is 
initiated using the established communication between the controlling computer system and the 
stand alone computer system. Dinh discloses a remote diagnostic system; however, Dinh does 
not disclose or suggest controlling access to a network service in connection with "generating 
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workstation security credentials based on the vulnerability assessment, wherein the workstation 
security credentials comprise one of integrity information describing whether the workstation has 
been compromised, and security posture information describing the workstation's potential for 
compromise", Dinh only describes a computer diagnostic system; however, Dinh does not 
address any security vulnerabilities or security credentials. 

4. Another example in the art of security that fails to disclose or suggest, "completing a 
vulnerability assessment of the workstation to identity security vulnerabilities that would 
compromise the secure operation of the workstation", "generating workstation security 
credentials based on the vulnerability assessment, the workstation security credentials including 
integrity information describing whether the workstation has been compromised", and "security 
posture information describing the workstation's potential for compromise", an example of prior 
art that fails to disclose or suggest, "completing a vulnerability assessment of the workstation to 
identity security vulnerabilities that would compromise the secure operation of the workstation", 
"generating workstation security credentials based on the vulnerability assessment, the 
workstation security credentials including integrity information describing whether the 
workstation has been compromised", and "security posture information describing the 
workstation's potential for compromise", is Todd, Sr. et al. Todd Sr. et al. discloses a security 
self-assessment method for accessing the vulnerability of one or more hosts. Also, Todd Sr. 
discloses assessment of security dangers such as critical file accessibility, denial of service 
exposure. The host and server are coupled to the Internet, and the user at the arbitrary host on 
the Internet inputs data identifying the user and the target host. A network address is obtained 
for the user and a certification from Internet authorities can be checked to determine a network 
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address of the user and confirm that the user is authorized to assess the security vulnerabilities of 
the target host. However, Todd Sr. et al. fails to disclose after completing a vulnerability 
assessment, generating workstation security credentials based on the vulnerability assessment, 
the credentials including the integrity information describing whether the workstation has been 
compromised and the security posture information describing the workstation's potential for 
compromise. 

5. In the art of Non-patent literature, prior art fails to teach or suggest, "completing a 
vulnerability assessment of the workstation to identity security vulnerabilities that would 
compromise the secure operation of the workstation", "generating workstation security 
credentials based on the vulnerability assessment", "the workstation security credentials 
including integrity information describing whether the workstation has been compromised", and 
"security posture information describing the workstation's potential for compromise", an 
example of prior art that fails to teach or suggest, "completing a vulnerability assessment of the 
workstation to identity security vulnerabilities that would compromise the secure operation of the 
workstation", "generating workstation security credentials based on the vulnerability assessment, 
the workstation security credentials including integrity information describing whether the 
workstation has been compromised", and "security posture information describing the 
workstation's potential for compromise", is PC USER. PC USER teaches a virus scanner that 
scans the system by looking for virus signatures. PC USER teaches integrity checking by taking 
a fingerprint or validation code of the file. Once these fingerprints have been calculated the 
program then recalculates the validations to make sure the file hasn't changed. However, PC 
USER fails to suggest or teach, "generating workstation security credentials based on the 
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vulnerability assessment", "the workstation security credentials including integrity information 
describing whether the workstation has been compromised", and "security posture information 
describing the workstation's potential for compromise", Non-patent literature and more 
specifically, PC USER teaches a virus scanner that can block or scan for viruses on the system, 
there is no teaching or suggestion of generating credentials based on whether a workstation has 
been compromised or potential for compromise- 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jenise E. Jackson whose telephone number is (571) 272-3791. 
The examiner can normally be reached on M-Th (6:00 a.m - 3:30 p.m.) alternate Friday's. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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